support home

Back to website
Welcome
Login  Sign up
  1. Discussions
  2. iubenda Forum
  3. Services/Clauses Requests

Generic OAuth

F
Forum contact
started a topic over 9 years ago

My SaaS will integrate 100+ services through OAuth. Adding an entry for each service into the privacy policy is not my preferred solution. Is it somehow possible to formulate a legal text that covers all OAuth'd services in a generic, single entry?

  • Jacopo Pesce
    said over 9 years ago
    Hi Nico, sorry for the late reply. I needed to think about this for a while. The problem is that you'll want to disclose to the user who exactly is doing the connection legwork and who will be receiving user data. The most correct way I can think of is to write down exactly what an Oauth connection does: which data you are getting and which data the Oauth partner gets. Then you'll tell the user that this exact data will be shared with whichever provider the user chooses and that they should be aware of this and check out this partner's privacy related processes. It's not nice, but it's the best I can come up with.
  • Jacopo Pesce
    said over 9 years ago
    Hi Simon, thanks for your great answer. It helped me understand the requirements a lot. Actually, I have a special case: I use OAuth only to get data from the providers. I don't share my user's data with the OAuth provider. The only thing the OAuth provider gets to know is that its user made a connection to my app. Could it be that I even don't have to mention that in my privacy policy at all?
  • Jacopo Pesce
    said over 9 years ago
    One thing in addition: The data I get from the OAuth provider is shared with other services I already list in my privacy policy. All data I retrieve from the OAuth provider is at least stored in my database and thus shared with my hosting service. And also may be shared e.g. if a user sends a service request through my customer support widget with a screenshot attached. Does this require mentioning in the privacy policy?
  • Jacopo Pesce
    said over 9 years ago
    Hi Nico, You're doing a good job explaining to me what's happening behind the scenes. This is exactly what your users want to know as well (ok they may not want to know this, but that's what privacy regulation is about. Your users don't necessarily expect or know that the third party provider knows which apps they use, what information you posses etc). Are you getting a clearer picture here? Simon
Login or Signup to post a comment
Topics in this forum
View all (2471)

Didn't find what you were looking for?

Start a new topic